Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features

Chatzoglou, Efstratios; Kambourakis, Georgios; Smiliotopoulos, Christos; Kolias, Constantinos

doi:10.3390/s22155633

Cited by 13 publications

(5 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It utilizes messages exchanged between the hub and IoT devices to discover all functions automatically and then initiates a feature-oriented message-semantics-guided fuzz test. In the latest WiFi-security-related works [16][17][18][19], wireless access points (APs) are taken as a research entry point to review the security of actual device WiFi networks, especially the security of web interfaces related to access points (APs).…”

Section: Dynamic Analysis-based Approachesmentioning

confidence: 99%

A Vulnerability Scanning Method for Web Services in Embedded Firmware

Ma,

Yan,

Wang

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

As the Internet of Things (IoT) era arrives, the proliferation of IoT devices exposed to the Internet presents a significant challenge to device security. Firmware is software that operates within Internet of Things (IoT) devices, directly governing their behaviors and functionalities. Consequently, the security of firmware is critical to shielding IoT devices from potential threats. In order to enable users to operate a device intuitively, firmware commonly provides a web interface. Consequently, this interface frequently serves as the primary attack goal in Internet of Things (IoT) devices, rendering them susceptible to numerous cyber-attacks. Unfortunately, web services have complex data interactions and implicit dependencies, and it is not easy to balance efficiency and accuracy during the analysis process, leading to heavy overhead. This paper proposes a lightweight vulnerability scanning approach, WFinder, designed explicitly for embedded firmware web services to perform vulnerability checks on backend binary files in firmware. WFinder uses static analysis to focus on identifying vulnerabilities in boundary binary files related to web services in firmware. Initially, the approach identifies boundary binary files and external data entry points based on front-end and back-end associativity features. Subsequently, rules are formulated to filter hazardous functions to narrow the analysis targets. Finally, the method generates sensitive call paths from the external data input points to the hazardous functions and conducts a lightweight taint analysis along these paths to uncover potential vulnerabilities. We implemented a prototype of WFinder and evaluated it on the firmware of ten devices from five well-known manufacturers. We discovered thirteen potential vulnerabilities, eight of which were confirmed by the CNVD, and assigned them CNVD identification numbers. Compared with the most advanced tool, SATC, WFinder was more efficient at discovering more bugs on the test set. These results indicate that WFinder is effective at detecting bugs in embedded web services.

show abstract

Section: Dynamic Analysis-based Approachesmentioning

confidence: 99%

A Vulnerability Scanning Method for Web Services in Embedded Firmware

Ma,

Yan,

Wang

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…However, their focus was solely on detecting KRACK attacks. Similar works include [44]- [46]. It is important to note that these machines learning based defense mechanisms have not been evaluated in real networks but rather assessed using the publicly available AWID3 dataset [26].…”

Section: ) Stage 2 Defense Mechanismsmentioning

confidence: 99%

A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks

Thankappan,

Rifà-Pous,

Garrigues

2024

IEEE Access

View full text Add to dashboard Cite

One of the advanced Man-in-the-Middle (MitM) attacks is the Multi-Channel MitM (MC-MitM) attack, which is capable of manipulating encrypted wireless frames between clients and the Access Point (AP) in a Wireless LAN (WLAN). MC-MitM attacks are possible on any client no matter how the client authenticates with the AP. Key reinstallation attacks (KRACK) in 2017-18, and the latest FragAttacks in 2021 are frontline MC-MitM attacks that widely impacted millions of Wi-Fi systems, especially those with Internet of Things (IoT) devices. Although there are security patches against some attacks, they are not applicable to every Wi-Fi or IoT device. In addition, existing defense mechanisms to combat MC-MitM attacks are not feasible for two reasons: they either require severe firmware modifications on all the devices in a system, or they require the use of several advanced hardware and software for deployment. On top of that, high technical overhead is imposed on users in terms of network setup and maintenance. This paper presents the first plug-and-play system to detect MC-MitM attacks. Our solution is a lightweight, signaturebased, and centralized online passive intrusion detection system that can be easily integrated into Wi-Fi-based IoT environments without modifying any network settings or existing devices. The evaluation results show that our proposed framework can detect MC-MitM attacks with a maximum detection time of 60 seconds and a minimum TPR (true positive rate) of 90% by short-distance detectors and 85% by long-distance detectors in real Wi-Fi or IoT environments.

show abstract

“…In [52], the authors proposed a framework for unsupervised classification and data mining of tweets about cyber vulnerabilities; this vulnerability included the Kr00K attack, which allows unauthorized decryption in Wi-Fi chips. The best accuracy that they achieved was 88.52% Chatzoglou et al applied deep learning and machine learning techniques on the AWID3 benchmark dataset [53], in order to answer questions about the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks and to know which network protocol features are the most informative to the machine learning model for detecting application layer attacks; the performance of the detection model achieved 96.7% accuracy.…”

Section: Comparing Our Findings With Previous Studiesmentioning

confidence: 99%

Enhancing Network Security: A Machine Learning-Based Approach for Detecting and Mitigating Krack and Kr00k Attacks in IEEE 802.11

Salah

Elsoud

2023

Future Internet

View full text Add to dashboard Cite

The rise in internet users has brought with it the impending threat of cybercrime as the Internet of Things (IoT) increases and the introduction of 5G technologies continues to transform our digital world. It is now essential to protect communication networks from illegal intrusions to guarantee data integrity and user privacy. In this situation, machine learning techniques used in data mining have proven to be effective tools for constructing intrusion detection systems (IDS) and improving their precision. We use the well-known AWID3 dataset, a comprehensive collection of wireless network traffic, to investigate the effectiveness of machine learning in enhancing network security. Our work primarily concentrates on Krack and Kr00k attacks, which target the most recent and dangerous flaws in IEEE 802.11 protocols. Through diligent implementation, we were able to successfully identify these threats using an IDS model that is based on machine learning. Notably, the resilience of our method was demonstrated by our ensemble classifier’s astounding 99% success rate in detecting the Krack attack. The effectiveness of our suggested remedy was further demonstrated by the high accuracy rate of 96.7% displayed by our neural network-based model in recognizing instances of the Kr00k attack. Our research shows the potential for considerably boosting network security in the face of new threats by leveraging the capabilities of machine learning and a diversified dataset. Our findings open the door for stronger, more proactive security measures to protect IEEE. 802.11 networks’ integrity, resulting in a safer online environment for all users.

show abstract

Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features

Cited by 13 publications

References 30 publications

A Vulnerability Scanning Method for Web Services in Embedded Firmware

A Vulnerability Scanning Method for Web Services in Embedded Firmware

A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks

Enhancing Network Security: A Machine Learning-Based Approach for Detecting and Mitigating Krack and Kr00k Attacks in IEEE 802.11

Contact Info

Product

Resources

About